Advice on CRISC
Hi everyone, I just passed the CISA. I currently work in Internal Audit and do some IT Audit work as well. I wanted to take the CISM, but, I don't think I will be able to gain the exposure to satisfy the work requirements for the certification. CRISC seems to over lap in some of the IT Internal Audit duties. I just wanted to get your opinions/feedback as far as what you may think would be a better route? I want to eventually move in to IT/Risk Assessment full time.
Comments
-
ilikeshells Member Posts: 59 ■■□□□□□□□□If you do IT audits and come from a non-IT background, take some time and understand IT. Understand networking at a CCNA level, understand AD/OD and server architecture, and how to conduct network assessments with tools. Focus on how to truly identify IT risks more than "process this, procedure that" (this is only half of the picture). The CRISC does not really teach you how to identify risk. It teaches you the process of managing risk once it's identified but you can't manage what you don't really know or purely rely on others to tell you. So my advise is to knock out the CCNA and MCSE. Then focus on the security and control aspect (CISSP, CEH, etc.)